Border Gateway Protocol Hijacking
Nick Beattie
Networking & Security
April 11th, 2011
What is the Border Gateway Protocol? And, how can it be hijacked?
“I went around screaming my head about this about ten or twelve years ago…. We described this to intelligence agencies and to the National Security Council, in detail.”
- Peiter “Mudge” Zatko, 1998 Congress
h@ck3r
Defense Advanced Research Projects Agency – Program Manager
“There’s no vulnerabilities, no protocol errors, there are no software problems. The problem arises (from) the level of interconnectivity that’s needed to maintain this mess, to keep it all working.”
Why? It’s necessary.
Theory
Practice
Traffic routed towards DefCon – Las Vegas
Traffic rerouted back to DefCon – Las Vegas
Traffic routed through servers in New York City
YouTube: Pakistan’s Black Hole
China Telecom’s 18 minutes of fame
• 170 Countries
• 50,000 IP Blocks – 15% of the Internet
• .com, .net, .org, .gov, .mil
• Email
• Instant messaging
• Web requests
50,000 IP Blocks
China Telecom
Intended Destination
Worth Noting
• What could they find in those 18 minutes? What type of processing power does China have?
• Why didn’t China Telecom buckle under the increased Internet traffic?
• What does this mean is possible?
• Corporate Espionage
• Nation-state spying
• Mining data without permission from ISPs
Security Needed
• Secure BGP
• Digital signatures and validation
• Routers need more memory and processing power
• Trust is not enough
Who will pay?
Questions about BGP